New Industry Consortium to Transform Third-Party Risk Management

November 15, 2017

A consortium of financial institutions, including American Express, Bank of America, JPMorgan Chase and Wells Fargo, have announced the formation of TruSight, a company designed to combine best practices and simplify the process of conducting third-party risk assessments of suppliers and partners across the financial services industry.

“We are breaking new ground in the financial services industry by creating a consistent and efficient process for assessing third-parties,” said Abel Clark, CEO of TruSight. “TruSight’s unique approach brings together industry participants and harnesses their collective expertise, allowing us to ensure the same high standards are met across the board. This inclusive, cross-industry effort will also simplify and streamline the third-party risk assessment process for financial institutions and their suppliers, delivering real benefits for all.”

TruSight’s founders selected Clark, who has more than 20 years of experience running financial technology and information services businesses, to lead the initiative to transform and simplify the way financial institutions manage third-party relationships. Clark was most recently Global Managing Director for Thomson Reuters’ $5 billion Financial business, and in prior roles managed its foreign exchange and fixed income trading systems business and served as group Chief Strategy Officer.

Transforming Third-Party Risk Management

The complexity of risk events and regulatory focus have underscored the importance of ensuring that third-party suppliers and partners that interact with financial institutions are adequately prepared to manage and mitigate risk. Currently the industry lacks a simple and comprehensive approach to gather and validate third-party risk assessment information. This causes financial institutions and third parties of all sizes to spend valuable resources requesting, providing and validating assessment information in an inefficient and duplicative manner.

TruSight addresses these challenges by gathering information critical to thoroughly evaluate a service providers’ risk profile, including information security, technology, hiring practices and governance among others. TruSight then verifies the information through remote or on-site validation to ensure the processes and practices are operating as described. This information is stored on a secure, shared platform available to financial institutions of all sizes, including investment banks, wealth management firms, asset managers, credit card companies, insurers and community and regional banks. Each institution then uses the information to make its own vendor risk and engagement decisions.

Insights regarding TruSight’s Innovative Effort

“This is the first time that leading members of the financial services industry have come together to help all institutions mitigate risk among their vendors,” said Ken Litton, Managing Director and Chief Procurement Officer of JPMorgan Chase. “Financial institutions of all sizes can benefit from the confidence and added credibility that comes from using industry standards to gather and validate third-party risk information. We look forward to TruSight’s work with institutions and third-party vendors to combine risk management and control best practices.”

“With the pressure to improve oversight comes the need for a risk management partner that understands the third-party value chain,” said Adam Topkis, Senior Vice President, Wells Fargo Finance Shared Services. “TruSight possesses an enormous amount of collective expertise and that will continue to grow as they bring more financial industry participants on board.”

“TruSight will help us continue to drive rigor and consistency in our third-party risk management processes,” said Paul Fabara, President, Global Risk, Banking and Compliance and Chief Risk Officer, American Express Company. “In this complex and evolving environment, TruSight will provide the right expertise, efficiency and speed to support best-in-class third-party risk management.”

“TruSight will establish a consistent approach to managing third-party risks associated with cyber threats and leverage best practices that will improve the industry as a whole,” said Craig Froelich, Bank of America’s Chief Information Security Officer.